summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPhil Oester <kernel@linuxace.com>2013-10-05 09:44:56 -0700
committerPablo Neira Ayuso <pablo@netfilter.org>2013-10-22 10:52:32 +0200
commitb259d1aca0db1bed5af3e4fe378f8aeb4d3ce645 (patch)
tree0dea304c654a8c4d107720b4c73a561f623b1468 /include
parent2855909e46f4646f137a96892bd5c465fa1193f8 (diff)
src: operational limit match
The nft limit match currently does not work at all. Below patches to nftables, libnftables, and kernel address the issue. A few notes on the implementation: - Removed support for nano/micro/milli second limits. These seem pointless, given we are using jiffies in the limit match, not a hpet. And who really needs to limit items down to sub-second level?? - 'depth' member is removed as unnecessary. All we need in the kernel is the rate and the unit. - 'stamp' member becomes the time we need to next refresh the token bucket, instead of being updated on every packet which goes through the match. This closes netfilter bugzilla #827, reported by Eric Leblond. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/statement.h1
1 files changed, 0 insertions, 1 deletions
diff --git a/include/statement.h b/include/statement.h
index 53702317..6ecbb18d 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -41,7 +41,6 @@ extern struct stmt *log_stmt_alloc(const struct location *loc);
struct limit_stmt {
uint64_t rate;
uint64_t unit;
- uint64_t depth;
};
extern struct stmt *limit_stmt_alloc(const struct location *loc);